<?php 
require_once('database.php');
$link=connectDB();
$tbl_name='room'; // Table name

$roomname=$_POST['name'];
$roomno=$_POST['no'];
$serviceid=$_POST['service'];
// To protect MySQL injection (more detail about MySQL injection)
$roomname = stripslashes($roomname);
$roomno = stripslashes($roomno);
$serviceid = stripslashes($serviceid);
$roomname = mysql_real_escape_string($roomname);
$roomno = mysql_real_escape_string($roomno);
$serviceid = mysql_real_escape_string($serviceid);

if($roomname != "" && $roomno != "" && $serviceid != "") {
	$sql="INSERT INTO $tbl_name(serviceId, roomName, roomNo, status) VALUES ($serviceid, '$roomname', '$roomno', 0)";
	$result=mysql_query($sql, $link);
	
	$sql="UPDATE services SET quantity=quantity+1 WHERE id=$serviceid";
	$result=mysql_query($sql, $link);
	header('Location: main.php');
	exit;
}else {
	header('Location: addroom.php');
}
?>